Network Security


Pings can be used to launch an ICMP (Internet Control Message Protocol) flood DDoS (distributed denial of service) attack. These attacks overwhelm a device's network connection, blocking legitimate incoming traffic and preventing outgoing traffic. They fall into three categories: target local disclosed, router disclosed, and blind ping (NETSCOUT, 2021).

  • In target local disclosed, the attacker must know the IP address of a specific computer on the network in order to ping flood it.
  • In router disclosed, the attacker needs to know the internal IPs of local routers in order to ping flood the target routers and prevent communications between computers on a network.
  • In a blind ping, an external program is used to reveal the target IP address before launching a DDoS attack.

To mitigate these attacks, network administrators may disable the ICMP functionality of the target router or computer. There are also commercial solutions like Cloudflare, which act as a stand-in between the ping flood and the server and divert the bandwidth cost from the targeted server (CLOUDFLARE, 2021).
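Before deciding to drop ICMP, an administrator first has to recognise the flood in captured traffic. The following is an added example, not taken from the cited sources: it counts ICMP echo requests per destination in a sliding window over log lines modelled on `tcpdump -tt -n` output. The addresses, the threshold and the sample capture are constructed.

```python
import re
from collections import defaultdict, deque

# Assumed line format, modelled on `tcpdump -tt -n`:
#   <epoch seconds> IP <src> > <dst>: ICMP echo request, id .., seq .., length ..
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>[^:\s]+): ICMP echo request\b"
)

def detect_icmp_floods(lines, max_per_window=100, window=1.0):
    """Return {dst: peak echo requests seen in one sliding window} for every
    destination that received more than max_per_window requests in `window` s."""
    recent = defaultdict(deque)   # dst -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # echo replies, other protocols, noise
        ts, dst = float(m["ts"]), m["dst"]
        q = recent[dst]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # expire requests older than the window
        if len(q) > max_per_window:
            peaks[dst] = max(peaks.get(dst, 0), len(q))
    return peaks

def sample_capture():
    """Constructed capture: routine monitoring pings plus one burst."""
    lines = []
    for i in range(5):            # one ping per second to 192.0.2.20
        lines.append(f"{1000 + i:.6f} IP 198.51.100.5 > 192.0.2.20: "
                     f"ICMP echo request, id 1, seq {i}, length 64")
    for i in range(300):          # 300 requests in 0.3 s to 192.0.2.10
        lines.append(f"{1002 + i * 0.001:.6f} IP 203.0.113.{i % 250 + 1} > "
                     f"192.0.2.10: ICMP echo request, id 7, seq {i}, length 64")
    lines.append("1003.000000 IP 192.0.2.10 > 203.0.113.1: "
                 "ICMP echo reply, id 7, seq 0, length 64")
    lines.sort(key=lambda l: float(l.split()[0]))   # capture order
    return lines

if __name__ == "__main__":
    for dst, peak in detect_icmp_floods(sample_capture()).items():
        print(f"possible ICMP flood: {dst} peaked at {peak} echo requests/s")
```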

Security Holes and Other Vulnerabilities

Security threats never disappear. That's why it's always prudent to evaluate a computer and network for security holes and other vulnerabilities. Take Microsoft, for example. In April 2020, Microsoft released patches to address 133 vulnerabilities across its products, 7 of which were for Windows 10 (Winder, 2020). CVE-2020-0948, CVE-2020-0949 and CVE-2020-0950 were memory corruption vulnerabilities in Windows Media Foundation (Winder, 2020). They could be exploited to install programs, change data, and create full user accounts (Winder, 2020). This website (https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.html) details the most recent vulnerability discoveries for Microsoft Windows 10. To protect oneself from security holes, it is recommended to install the security patches that manufacturers release. It is also good practice to encrypt whatever data you can, so that it is already protected before an attacker gets into the system.



Social Engineering

Social engineering is a term that describes the exploitation of human psychology and human error, rather than technical hacking techniques, to gain access to systems and data (Fruhlinger, 2019). Social engineering can take many forms, including baiting, scareware, pretexting, phishing, and many more (Imperva, 2019).

  1. Baiting is where the perpetrator lays out physical media, like a flash drive, to entice the victim to insert it into their computer and subsequently infect it (Imperva, 2019).
  2. Scareware frightens the victim with false alarms and threats so that the victim downloads a software “solution” that infects their system and could potentially add the computer to a botnet (Imperva, 2019).
  3. Pretexting is when the perpetrator establishes trust with the victim by impersonating coworkers or persons with right-to-know authority (Imperva, 2019). This gives the perpetrator access to sensitive data.
  4. Phishing scams are where the perpetrators send messages, typically via email or text, that give the victim a sense of fear or curiosity that prods them into revealing sensitive information or clicking links to illegitimate websites.


At my company, the IT department sent out a spear phishing example that looked like the company surveys that were usually sent quarterly. I had not checked the email address closely, so when I clicked the survey link it told me I had failed their phishing test. It taught me a valuable lesson to always check the email address even if the body looks legitimate. For social engineering attacks, the best prevention is awareness of the different attacks, together with verifying the identity of a worker who claims to be a contractor and verifying that a sender's email address is legitimate. It is also good to have antivirus software installed to scan email attachments before opening them.
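The "check the email address" step can be made mechanical. The following is an added example, not part of the original post or any cited source: it classifies a `From` header by comparing the real sender domain, not the display name, against a trusted list. The company domain `example-corp.com`, the category names and the sample headers are hypothetical.

```python
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-corp.com"}   # hypothetical company domain

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'display-name-spoof' or 'external'."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "external"         # no usable address: treat as untrusted
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    flat_display = display.lower().replace(" ", "-")
    for good in trusted:
        # Trusted name embedded in a foreign domain, or a near-miss spelling.
        if good in domain or edit_distance(domain, good) <= 2:
            return "lookalike"
        # Display name borrows the brand while the address is elsewhere.
        if good.split(".")[0] in flat_display:
            return "display-name-spoof"
    return "external"

if __name__ == "__main__":
    samples = [   # constructed headers
        "Example Corp Surveys <surveys@example-corp.com>",
        "Example Corp Surveys <surveys@examp1e-corp.com>",
        "Example Corp Surveys <noreply@survey-portal.test>",
    ]
    for header in samples:
        print(f"{classify_sender(header):20} {header}")
```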





References

CLOUDFLARE. (2021). Ping (ICMP) flood DDoS attack. CLOUDFLARE. https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/. 

Fruhlinger, J. (2019, September 25). Social engineering explained: How criminals exploit human behavior. CSO Online. https://www.csoonline.com/article/2124681/what-is-social-engineering.html. 

Imperva. (2019, December 29). What is Social Engineering: Attack Techniques & Prevention Methods: Imperva. Learning Center. https://www.imperva.com/learn/application-security/social-engineering-attack/. 

NETSCOUT. (2021). What is an ICMP Flood DDoS Attack? NETSCOUT. https://www.netscout.com/what-is-ddos/icmp-flood.

Winder, D. (2020, April 15). Microsoft Confirms Seven Critical Windows 10 Vulnerabilities, And Attackers Are Exploiting Two More. Forbes. https://www.forbes.com/sites/daveywinder/2020/04/15/windows-10-security-alert-as-microsoft-confirms-seven-critical-vulnerabilities/?sh=1a0258e525bf.
